Why is a mobile device a lot like a laptop? Putting the D in DIT 'n' DAR

There's a lot of discussion around managing mobile devices or mobile apps with so-called MDM (Mobile Device Management) and MAM (Mobile Application Management) infrastructures for modern iPad, iPhone and Android devices and for legacy Windows or BlackBerry tablets and smartphones. It's already been two years since the first Gartner Magic Quadrant on mobile management, and there are scores of offerings in the marketplace, promising varying takes on managing "everything for everyone and everywhere". That raises the questions: is there an easier and simpler way to look at things? Is there an 80:20 type of solution?

MDM and MAM are fine products. A server/agent based management architecture, given enough time, care and investment, can be made scalable and performant and live up to its promise. They very much fit a centralized command, control and hierarchical need: build a "death star" server or cloud infrastructure and agents to intermediate between mobile devices and physical or cloud data centers. Mainframes had the idea a half century ago, much as they had many other "modern" concepts. BlackBerry re-popularized it a generation ago with its NOC servers. However, most MDMs and MAMs offer little security beyond usernames and passwords, at best Single Sign-On (SSO), so they provide "weak", consumer grade security in an enterprise context where "strong" authentication and encryption are increasingly requirements. Features like remote wipe offer some value, but a wipe command can only reach a device that is on the network, so it is easily defeated by pulling the SIM or switching on airplane mode before the command arrives. Sometimes Microsoft Active Directory (AD), a technology that debuted with Windows 2000, is touted as the architecture, again with an accent on usernames and SSO rather than security. MDM and MAM emphasize mobile management rather than mobile security.

Looking at enterprise mobility a different way, what do folks actually do with their mobile devices, or laptops for that matter? For most, it's accessing information via web portals, forms, collaboration sites and email: lots of individuals and groups going about their business, dealing with an existing network of web and email servers, modern millennial workers collaborating together, whether managed or secured by centralized IT or not. In the mobile world, the emphasis is on "not". That's something of a "rebel alliance"!

How can the two viewpoints be reconciled, getting the work done while also safeguarding access to organizational secrets? By focusing not on the infrastructure itself (hardware and apps, MDM and MAM) but on what's actually key: the data. This too is an idea from the dawn of computing, with a couple of older acronyms, DIT and DAR. When data moves between a mobile device and a data center or cloud server, is it secure? Is Data In Transit (DIT) authenticated and encrypted, so that each end knows who it is talking to and nobody on the path can read or alter the traffic? When looking at what's sitting on the device, is Data At Rest (DAR) either completely absent (zero footprint, stateless) or encrypted and released only after authentication, so that a lost or stolen device yields nothing? The focus is on the lifeblood of the organization, the data, not on managing every last nook and cranny of the organizational "body".
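The DAR half of that checklist, as an added example in Go (not code from the original post or from any product it mentions): a local cache is sealed with AES-256-GCM under a data key that can only be rederived through an ECDH agreement with the private key held by the user's smart card, so the cache is unreadable without that credential and any modification on disk is detected. The two card keys, the names alice and mallory, the cache contents and the single SHA-256 step used as a key derivation are all constructed for the example; a production design would use a real KDF such as HKDF and the card key would never leave the card.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"io"
)

// Sealed is what actually sits on the device; nothing in it is usable without the card's private key.
type Sealed struct {
	EphemeralPub []byte // one-time device key, public half, generated per seal
	Nonce        []byte
	Ciphertext   []byte // AES-256-GCM output, so tampering is detected as well as read-protected
}

// aeadFor runs ECDH between priv and pub and turns the shared secret into an AES-256-GCM cipher.
// Assumption for this example: one domain-separated SHA-256 stands in for a real KDF such as HKDF.
func aeadFor(priv *ecdh.PrivateKey, pub *ecdh.PublicKey) (cipher.AEAD, error) {
	shared, err := priv.ECDH(pub)
	if err != nil {
		return nil, err
	}
	key := sha256.Sum256(append([]byte("DAR-cache-v1|"), shared...))
	block, err := aes.NewCipher(key[:])
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts plaintext so that only the holder of the private key matching cardPub can open it.
func Seal(cardPub *ecdh.PublicKey, plaintext []byte) (*Sealed, error) {
	eph, err := ecdh.P256().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	aead, err := aeadFor(eph, cardPub)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	ephPub := eph.PublicKey().Bytes() // bound in as associated data so it cannot be swapped unnoticed
	return &Sealed{EphemeralPub: ephPub, Nonce: nonce, Ciphertext: aead.Seal(nil, nonce, plaintext, ephPub)}, nil
}

// Open is the "released only after authentication" step: the card's private key is the only way back to the data key.
func Open(card *ecdh.PrivateKey, s *Sealed) ([]byte, error) {
	ephPub, err := ecdh.P256().NewPublicKey(s.EphemeralPub)
	if err != nil {
		return nil, err
	}
	aead, err := aeadFor(card, ephPub)
	if err != nil {
		return nil, err
	}
	pt, err := aead.Open(nil, s.Nonce, s.Ciphertext, s.EphemeralPub)
	if err != nil {
		return nil, errors.New("cache rejected: wrong credential or tampered ciphertext")
	}
	return pt, nil
}

// newCard simulates provisioning a smart card in software; generation only fails if the system RNG is broken.
func newCard() *ecdh.PrivateKey {
	k, err := ecdh.P256().GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

// Demo seals a constructed cache entry and tries to open it three ways: with the right card,
// with a different card, and after one ciphertext byte has been flipped on "disk".
func Demo() (plain string, wrongCard, tampered, err error) {
	alice, mallory := newCard(), newCard()
	cache := []byte("constructed sample: cached portal page for alice") // made up for the example
	sealed, err := Seal(alice.PublicKey(), cache)
	if err != nil {
		return "", nil, nil, err
	}
	pt, err := Open(alice, sealed)
	if err != nil {
		return "", nil, nil, err
	}
	_, wrongCard = Open(mallory, sealed)
	flipped := &Sealed{EphemeralPub: sealed.EphemeralPub, Nonce: sealed.Nonce, Ciphertext: append([]byte(nil), sealed.Ciphertext...)}
	flipped.Ciphertext[0] ^= 0x01
	_, tampered = Open(alice, flipped)
	return string(pt), wrongCard, tampered, nil
}
```

Demo returns the recovered plaintext for the legitimate card and a non-nil error for both the wrong card and the tampered copy; the point is that the device can write the cache with only the card's public key, but reading it back is impossible without the card, which is exactly the "encrypted and available only under authentication" property rather than a screen lock in front of plaintext.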

Focusing on DIT and DAR simplifies everything, since it makes securing an individual device, app or user (so-called BYOD) as easy as securing millions of each of them. It doesn't need the "rebels to be brought to heel" for the remaining 20% of mobile tasks that aren't web or email. It works with or without mobile management layers. It's a frame of reference any business user can understand, whether CEO, CSO, CO or user "C3PO": their tablet or smartphone is not that different from the laptop they've had for years, just needing a bit of TLC (tender loving care) for the features they use most for work. Everything of mobility, cloud, SaaS, consumerization and (optional) management is gained and nothing is lost, especially not the high quality user experience.

How are DIT and DAR authenticated and encrypted? By leveraging industry standard two factor smart card authentication (something you have, the card holding a private key, plus something you know, its PIN) and Public Key Encryption (PKE), which have been common for desktops and laptops in highly regulated organizations for over a decade. Even before smartphones and tablets, it wasn't unheard of to leave a laptop in a cab (the DAR case) or to have network traffic intercepted (the DIT case). The security solutions are commercial off the shelf (COTS) and can run standalone, leveraging the infrastructure already in place and meeting 80% of needs, or be combined with the latest MDM and MAM management tools to step up to "everything, everybody, everywhere" roadmaps. If licensing is counted per smart card reader rather than per mobile device or per user, that in itself can significantly reduce costs. That's putting the 'D' in data management, an old but timely idea, much like looking for the 80% of need that can be met with 20% of effort.
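The DIT half, mutual TLS, as an added example in Go (again not the post's code nor any vendor's): the X.509 client certificate stands in for the smart card credential, the server accepts only certificates that chain to the enterprise CA, and the user's identity is taken from the verified certificate rather than from a typed username. The "Enterprise Root CA", the "portal" server, the "ipad-alice" client and the in-process httptest server on loopback are assumptions made for this example, and the private keys are generated in software where a real deployment would keep them on the card.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"io"
	"math/big"
	"net"
	"net/http"
	"net/http/httptest"
	"time"
)

// check panics on failures that can only come from a broken system RNG or a bad template.
func check(err error) {
	if err != nil {
		panic(err)
	}
}

// issue mints an ECDSA P-256 certificate: a self-signed CA when parent is nil, otherwise
// a leaf signed by parent and parentKey with the given extended key usages.
func issue(cn string, eku []x509.ExtKeyUsage, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	check(err)
	serial, err := rand.Int(rand.Reader, big.NewInt(1<<62)) // a real CA records serials for revocation
	check(err)
	tmpl := &x509.Certificate{
		SerialNumber:          serial,
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		ExtKeyUsage:           eku,
		BasicConstraintsValid: true,
		IsCA:                  parent == nil,
		IPAddresses:           []net.IP{net.ParseIP("127.0.0.1")}, // SAN for the loopback test server
	}
	if parent == nil {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	check(err)
	cert, err := x509.ParseCertificate(der)
	check(err)
	return cert, key
}

func trust(ca *x509.Certificate) *x509.CertPool { p := x509.NewCertPool(); p.AddCert(ca); return p }

// cred packages a certificate with its key as tls expects; on a real device the key stays on the smart card.
func cred(c *x509.Certificate, k *ecdsa.PrivateKey) tls.Certificate {
	return tls.Certificate{Certificate: [][]byte{c.Raw}, PrivateKey: k}
}

// fetch makes one HTTPS request, presenting whatever client credentials it is given.
func fetch(url string, ca *x509.Certificate, creds ...tls.Certificate) (string, error) {
	cfg := &tls.Config{RootCAs: trust(ca), Certificates: creds, MinVersion: tls.VersionTLS12} // trusts only the enterprise CA
	client := &http.Client{Transport: &http.Transport{TLSClientConfig: cfg}}
	resp, err := client.Get(url)
	if err != nil {
		return "", err // under TLS 1.3 a rejected client certificate surfaces here, after the dial
	}
	defer resp.Body.Close()
	body, err := io.ReadAll(resp.Body)
	return string(body), err
}

// Demo runs three clients against one server: a CA-issued credential, no credential, and a
// self-signed credential carrying the same name that the enterprise CA never issued.
func Demo() (issued string, noCred, rogue, err error) {
	ca, caKey := issue("Enterprise Root CA", nil, nil, nil)
	srvCert, srvKey := issue("portal", []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}, ca, caKey)
	cliCert, cliKey := issue("ipad-alice", []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}, ca, caKey)
	badCert, badKey := issue("ipad-alice", []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}, nil, nil)
	srv := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprintf(w, "hello %s", r.TLS.PeerCertificates[0].Subject.CommonName) // identity from the verified cert
	}))
	srv.TLS = &tls.Config{
		Certificates: []tls.Certificate{cred(srvCert, srvKey)},
		ClientAuth:   tls.RequireAndVerifyClientCert, // DIT authentication: no valid certificate, no data
		ClientCAs:    trust(ca),
		MinVersion:   tls.VersionTLS12,
	}
	srv.StartTLS()
	defer srv.Close()
	if issued, err = fetch(srv.URL, ca, cred(cliCert, cliKey)); err != nil {
		return "", nil, nil, err
	}
	_, noCred = fetch(srv.URL, ca)
	_, rogue = fetch(srv.URL, ca, cred(badCert, badKey))
	return issued, noCred, rogue, nil
}
```

Demo returns "hello ipad-alice" for the issued credential and a non-nil error for the other two clients. The instructive failure is the third one: a certificate with the right name but the wrong issuer is refused before any application code runs, which is what separates certificate-based authentication from a username field that anyone can fill in.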